CVE-2025-68362

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()

The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received packet (skb->len from urb->actual_length) is large enough to contain this header.

If a truncated packet is received, this will lead to a buffer underflow, reading memory before the start of the skb data area, and causing a kernel panic.

Add length checks for both rtl8187 and rtl8187b descriptor headers before attempting to access them, dropping the packet cleanly if the check fails.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6f7853f3cbe457067e9fe05461f56c7ea4ac488c < 118e12bf3e4288cf845cd3759bd9d4c99f91aab5affected
LinuxLinux6f7853f3cbe457067e9fe05461f56c7ea4ac488c < 6a96bd0d94305fd04a6ac64446ec113bae289384affected
LinuxLinux6f7853f3cbe457067e9fe05461f56c7ea4ac488c < e2f3ea15e804607e0a4a34a2f6c331c8750b68bcaffected
LinuxLinux6f7853f3cbe457067e9fe05461f56c7ea4ac488c < dc153401fb26c1640a2b279c47b65e1c416af276affected
LinuxLinux6f7853f3cbe457067e9fe05461f56c7ea4ac488c < 4758770a673c60d8f615809304d72e1432fa6355affected
LinuxLinux6f7853f3cbe457067e9fe05461f56c7ea4ac488c < 638d4148e166d114a4cd7becaae992ce1a815ed8affected
LinuxLinux6f7853f3cbe457067e9fe05461f56c7ea4ac488c < 5ebf0fe7eaef9f6173a4c6ea77c5353e21645d15affected
LinuxLinux6f7853f3cbe457067e9fe05461f56c7ea4ac488c < b647d2574e4583c2e3b0ab35568f60c88e910840affected
LinuxLinux2.6.27affected
LinuxLinux0 < 2.6.27unaffected
LinuxLinux5.10.248 <= 5.10.*unaffected
LinuxLinux5.15.198 <= 5.15.*unaffected
LinuxLinux6.1.160 <= 6.1.*unaffected
LinuxLinux6.6.120 <= 6.6.*unaffected
LinuxLinux6.12.63 <= 6.12.*unaffected
LinuxLinux6.17.13 <= 6.17.*unaffected
LinuxLinux6.18.2 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References